Add latest changes from gitlab-org/gitlab@master

5 files changed, 16 insertions, 19 deletions

diff --git a/app/models/deployment.rb b/app/models/deployment.rb
index fbb59173a3c..b118404b916 100644
--- a/app/models/deployment.rb
+++ b/app/models/deployment.rb
@@ -135,7 +135,7 @@ class Deployment < ApplicationRecord
   end
 
   def create_ref
-    project.repository.create_ref(ref, ref_path)
+    project.repository.create_ref(sha, ref_path)
   end
 
   def invalidate_cache
@@ -280,12 +280,12 @@ class Deployment < ApplicationRecord
     errors.add(:ref, _('The branch or tag does not exist'))
   end
 
-  private
-
   def ref_path
     File.join(environment.ref_path, 'deployments', iid.to_s)
   end
 
+  private
+
   def legacy_finished_at
     self.created_at if success? && !read_attribute(:finished_at)
   end
diff --git a/app/models/environment.rb b/app/models/environment.rb
index 4224a32a6d7..0e2962b893a 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -193,15 +193,6 @@ class Environment < ApplicationRecord
     folder_name == "production"
   end
 
-  def first_deployment_for(commit_sha)
-    ref = project.repository.ref_name_for_sha(ref_path, commit_sha)
-
-    return unless ref
-
-    deployment_iid = ref.split('/').last
-    deployments.find_by(iid: deployment_iid)
-  end
-
   def ref_path
     "refs/#{Repository::REF_ENVIRONMENTS}/#{slug}"
   end
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index 99212d09b8e..f06e9da3b2a 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -139,6 +139,10 @@ class Namespace < ApplicationRecord
     end
   end
 
+  def default_branch_protection
+    super || Gitlab::CurrentSettings.default_branch_protection
+  end
+
   def visibility_level_field
     :visibility_level
   end
diff --git a/app/models/project.rb b/app/models/project.rb
index f72e777c004..fdf7452d143 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -2359,6 +2359,12 @@ class Project < ApplicationRecord
     Gitlab::Routing.url_helpers.revoke_project_deploy_token_path(self, token)
   end
 
+  def default_branch_protected?
+    branch_protection = Gitlab::Access::BranchProtection.new(self.namespace.default_branch_protection)
+
+    branch_protection.fully_protected? || branch_protection.developer_can_merge?
+  end
+
   private
 
   def closest_namespace_setting(name)
diff --git a/app/models/protected_branch.rb b/app/models/protected_branch.rb
index 94c3b83564f..594c822c18f 100644
--- a/app/models/protected_branch.rb
+++ b/app/models/protected_branch.rb
@@ -11,7 +11,8 @@ class ProtectedBranch < ApplicationRecord
 
   def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
     # Maintainers, owners and admins are allowed to create the default branch
-    if default_branch_protected? && project.empty_repo?
+
+    if project.empty_repo? && project.default_branch_protected?
       return true if user.admin? || project.team.max_member_access(user.id) > Gitlab::Access::DEVELOPER
     end
 
@@ -20,7 +21,7 @@ class ProtectedBranch < ApplicationRecord
 
   # Check if branch name is marked as protected in the system
   def self.protected?(project, ref_name)
-    return true if project.empty_repo? && default_branch_protected?
+    return true if project.empty_repo? && project.default_branch_protected?
 
     self.matching(ref_name, protected_refs: protected_refs(project)).present?
   end
@@ -33,11 +34,6 @@ class ProtectedBranch < ApplicationRecord
     end
   end
 
-  def self.default_branch_protected?
-    Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_FULL ||
-      Gitlab::CurrentSettings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE
-  end
-
   def self.protected_refs(project)
     project.protected_branches
   end